CVE-2024-12209

CRITICAL EXPLOITED NUCLEI

WP Umbrella: Update Backup Restore & Monitoring <= 2.17.0 - Local File Inclusion

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2024-12209 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 3 public exploits from researchers including Nxploited, RandomRobbieBF, Boshe99. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a functional Python script that exploits an unauthenticated Local File Inclusion (LFI) vulnerability in WP Umbrella: Update Backup Restore & Monitoring <= 2.17.0. The exploit constructs a malicious URL to read arbitrary files from the target system via path traversal.

Description

The WP Umbrella: Update Backup Restore & Monitoring plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.17.0 via the 'filename' parameter of the 'umbrella-restore' action. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.

Exploits (3)

nomisec WORKING POC 3 stars
by Nxploited · infoleak
https://github.com/Nxploited/CVE-2024-12209

This repository contains a functional Python script that exploits an unauthenticated Local File Inclusion (LFI) vulnerability in WP Umbrella: Update Backup Restore & Monitoring <= 2.17.0. The exploit constructs a malicious URL to read arbitrary files from the target system via path traversal.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: WP Umbrella: Update Backup Restore & Monitoring <= 2.17.0
No auth needed
Prerequisites: Target URL must be accessible · Vulnerable version of WP Umbrella must be installed
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC 1 stars
by RandomRobbieBF · infoleak
https://github.com/RandomRobbieBF/CVE-2024-12209

The repository provides a functional proof-of-concept for CVE-2024-12209, demonstrating an unauthenticated Local File Inclusion (LFI) vulnerability in the WP Umbrella WordPress plugin. The PoC includes a URL example that successfully retrieves the contents of /etc/passwd, confirming the exploit's effectiveness.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: WP Umbrella: Update Backup Restore & Monitoring <= 2.17.0
No auth needed
Prerequisites: Target must have the vulnerable WP Umbrella plugin installed and active
devstral-2 · analyzed Feb 18, 2026 Full analysis →
github WORKING POC
by Boshe99 · pythonpoc
https://github.com/Boshe99/CVE-Exploits/tree/main/CVE-2024-12209

The repository contains functional exploit code for CVE-2024-12209, targeting a WordPress plugin (3DPrint Lite 1.9.1.4) with an arbitrary file upload vulnerability. The Python script demonstrates the ability to upload a malicious file to a vulnerable target.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: WordPress Plugin 3DPrint Lite 1.9.1.4
No auth needed
Prerequisites: target URL · path to a file to upload
devstral-2 · analyzed Feb 27, 2026 Full analysis →

Nuclei Templates (1)

WP Umbrella Update Backup Restore & Monitoring <= 2.17.0 - Local File Inclusion
CRITICALVERIFIEDby s4e-io
FOFA: body="/wp-content/plugins/wp-health"

References (3)

Core 3

Scores

CVSS v3 9.8
EPSS 0.1504
EPSS Percentile 96.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

VulnCheck KEV 2024-12-05
CWE
CWE-98
Status published
Products (1)
wphealth/WP Umbrella: Update Backup Restore & Monitoring < 2.17.0
Published Dec 08, 2024
Tracked Since Feb 18, 2026